Archive
Monthly Archives: April 2017

If you work in the distribution/manufacturing industry, then it’s likely a lot of your clients are pretty big names. They need your services to help them run their businesses, which could very well be large, powerful companies. Therefore, these clients will have very high expectations of your company’s security and expect certain standards when you collect their sensitive information.

If you’re a small business with big clients, your cyber security better measure up. Here’s why:

You Should Provide Your Client With a Huge Sense of Security

If you work in manufacturing or distributions, then you need to have tight security on all levels. Even if you’re a small business, it’s likely you could be doing work with a lot of different clients.

From the time a new client walks in the door (or sends you an email inquiring about your services) their information needs to be 100% secure. They’re already well aware of the consequences if your systems are non-compliant.

Are you?

Don’t even give them a chance to wonder. Pride yourself on letting your clients and future clients know what steps you’ve taken to make sure their information is safe with you.

Word of Your Security Situation Can Spread Quickly

If you’re the business that big-name companies come to, you’re most likely a household name in those industries. Clients are quick to recommend their friends to a company like yours. If you’ve been around a while, a lot of people probably know you.

But, there’s also a chance that if you’ve been around a while, cyber security may not have been such a concern ten or fifteen years ago. People are going to want to know you’ve stepped up your game to accommodate them. If someone knows you’re not taking those measures seriously, people will know.

You don’t want people saying, “Be careful with that guy.” Instead, you want them saying, “You’ll never have any issues with him!” Most of all, it’s important to remember that if you’re the leader of your company,

If Their Data isn’t Protected, You Could Face Legal Consequences

If you’re taking any payment card information or other sensitive information from your clients, then you must be held to certain standards. If those standards aren’t met, you don’t even need to have a data breach in order to be fined. But, if you do experience a breach and the information of your “VIP” clients gets leaked, you could easily face tough legal consequences. The price you’d have to pay could wipe out your business entirely…if you’re lucky.

Nowadays, Expectations are High for Everyone

While manufacturing and distribution companies should, for these reasons, take more precautions to keep their customers’ data safe, they aren’t the only ones. Small businesses like these need to take extra care in protecting their data from the get-go, as they can be easier targets with fewer resources to handle such a thing.

But, it’s not just about small businesses, big businesses, or the type of industry you’re in. These days, customers everywhere are well aware of what can happen to their information in a data breach, and how easily hackers can get their hands on it. Therefore, expectations are high for EVERYONE, no matter what kind of business you’re in.

Don’t be the company who loses business because you thought you could take the chance. Trust us, it’s not worth it.

For company leaders that are already investing in cyber security, you don’t need a reminder of why it’s so important. You’re probably well aware of the seriousness and frequencies of data breaches these days, and you, therefore, want to make sure you’re protected at all costs. But, for those who still haven’t taken that budget leap, know that a cyber insurance plan can help offset major costs associated with any type of data breach.

Is that still not enough of a reason to allocate your budget to insurance? Then consider this. What if you could save money on your cyber insurance premium, just by being proactive? Would that be enough to push you to make the right decision for your company?

We’ll tell you more:

The Costs of Cyber Insurance

Cyber insurance isn’t cheap per se, but it can be affordable. And, when you consider how much it would cost to make “repairs” after a data breach, (often thousands upon thousands of dollars, depending on the size of your company and the extent of the damage) it’s definitely worth the price.

Like any other type of insurance, you pay a premium every month, and you can be covered for A LOT. This can be anything from privacy liability to lawyers, plaintiff lawsuits, forensic investigations, PR, penalties and fines, etc. Does that sound expensive already? We’re only scratching the surface. But, what if you could clear all the anxiety about the “what ifs” just by paying a premium every month?

Cyber insurance policies can be customized to your needs. You can go based on the size of your company, what industry you’re in, and ultimately what the stakes would be. No two policies are the same. Some premiums can be as low as $1,000 per year, while others can be as high as $50,000. But, don’t worry. It’s typical that the premium you pay is relative to what your company earns.

Still, that’s a lot of money, especially for a start-up.

This is usually the biggest factor that deters people from taking out cyber insurance in the first place. They just don’t see that it makes sense to add something onto the budget that hasn’t even happened yet.

IT companies who specialize in cyber security understand this. So, we’ll let you in on a little secret. One that only professionals know about.

You can actually save a huge amount of money on your policy premium if you just take a few steps, first. We’re talking around 60%. Here’s how:

How to Save on Your Cyber Insurance Premium

All you have to do is be proactive. How do you do that? It’s easy. Get yourself a network assessment from an unbiased third-party. These professionals will analyze and evaluate your system for any vulnerabilities. If they find something that makes your security weaker than it should be, they’ll let you know and fix it up for you. Then, they’ll issue you a document proving you’ve done the assessment. This document will say that you’ve taken all the precautions you can on your end to make sure your system is as secure as possible.

Of course, even if you take those steps, hackers can still find a way in. That’s why it’s important to have cyber insurance, so you’re covered no matter what. However, we can understand how frustrating it can be to spend money on an assessment that’s supposed to clear you, but then having to spend more money on insurance, anyway.

So, here’s how you save. Just bring that assessment to wherever you’re purchasing your cyber insurance plan from. Show them the measures you’ve taken (again, all explained in that assessment overview). More often than not, you can get a huge discount on your policy premium just with that paper. If they’re not eager to offer you that discount, then tell them what you now know!

After all, the law favors those who make an effort from the get go. Also, the more you do now will be less for the insurance provider to have to worry about when they cover you.

Last year, Yahoo! reported two major data breaches which were the largest data breaches the world had ever seen. The first breach occurred in 2014 and reportedly compromised more than 500 million accounts. The second breach Yahoo! reported, which happened back in 2013, compromised more than one billion user accounts. While data breaches can happen to anyone, the extent of damage in the Yahoo! case raised suspicions. How was it that so many user accounts easily got hacked, and why did it take so long before anyone knew what happened?

Now, it’s becoming more clear what actually led to such a disaster.

While many of us can sit and judge Yahoo! for its mistakes, there’s actually a lot your company should learn from the Yahoo! breach.

What Information was Leaked?

When a data breach happens, there’s no limit as to what the hackers can take. Whether you work in the PCI or in the healthcare industry, a customer’s information can be used to do all sorts of terrible things. In the case of the Yahoo! breach, although financial information was likely not taken, the hackers did get their hands on everything from names and email addresses, to birthdates and encrypted security passwords. Obviously, this information can be used to ultimately take financial information.

Who Was to Blame?

With a record number of accounts compromised, it was only a matter of time before the higher-ups at Yahoo! started pointing fingers. After all, no one wants to take the blame in such a newsworthy situation. Ultimately, Yahoo Inc. directed attention to the executives for not taking appropriate action to investigate the breach, let alone take steps to try and prevent it from happening in the first place.

A review by Yahoo!’s board revealed some concerning truths. Supposedly, there was a complete disconnect in internal reporting and management, which was probably what allowed the hackers to slip through so easily and do so much damage. The consequences for the people held responsible were life-changing. One of Yahoo!’s lawyers stepped down, CEO Marissa Mayer didn’t receive her bonus, and needless to say, their stock went down dramatically. The FBI is currently investigating the details.

So, do you think Yahoo! was right in blaming their executives, even though it could have been an IT or internal problem? Actually, yes.

The Leaders of the Company are ALWAYS Responsible

There are a lot of things that can cause a data breach. And, a report done by the Online Trust Alliance (OTA) showed that over 90% of hacks in the first half of 2014 were preventable. Whether it was an outside hacker or an error on the staff’s part, that’s a pretty shocking number. So, when it comes to Yahoo!, why couldn’t they see it sooner?

Though we don’t know all the answers yet, it’s likely that the breakup in communication allowed the hack to happen so easily, and more than once. No matter what the actual cause is, any time a data breach occurs, it’s always the responsibility of the company executive, much of the same way a captain needs to go down with his or her ship. This is why Yahoo!’s CEO had to take the blame and a pay cut as a consequence, which could have definitely been worse. At the end of the day, it’s the company executive’s responsibility to help prevent data breaches as best as possible.

Here’s How You Don’t End Up Like Yahoo!

You understand the responsibility you hold as an executive. That’s great. But, you might be feeling overwhelmed with this responsibility, as data breaches can still occur even after taking the property security measures. But, don’t be alarmed. As long as you’re taking the steps to be cyber-compliant, you have security protocol for staff, and you make sure your systems are secure as possible on a regular basis, you don’t have much to worry about!

We all make mistakes. I mean, we’re only human after all. But did you know that according to CompTIA’s Trends in Information Security study, human error actually accounts for 52 percent of security and data breaches? Yikes, looks like being human can be a big cause for concern when it comes to any business’s data security.

Although human error is normal and inevitable in some cases, it can be more of a threat to businesses than most are aware of! Backup and disaster recovery (BDR) plays an important role in ensuring that these mistakes don’t turn into serious problems. Read on about these threats to discover how to protect yourself against potential data disasters.

What Is Human Error?

Any business with employees has something to worry about when human error is this high. However, it can be difficult to define because error comes in many forms. Typically, it involves circumstances in which certain actions, decisions or behaviors threaten business security. Some goofs and gaffes may seem harmless, but major slip-ups happen more often than you’d think and can seriously jeopardize sensitive data. So why are these mistakes so threatening to IT environments, and just what kind of bad habits should be corrected? Here are some examples of what human error could look like:

Using weak passwords

Although passwords may seem like the most basic security technique, they can be easily cracked or obtained by malicious perpetrators when not handled with proper care. In this year’s Verizon Data Breach Investigations Report, they found that 63 percent of confirmed data breaches involved using weak, default or stolen passwords. This goes to show that using simple passwords, sharing them with other employees or even leaving Post-Its with credentials lying around, can lead to precious and private data being compromised.

Low security awareness

Most employees have a surprisingly low awareness about phishing and other cybersecurity attacks. According to the same Verizon report, 30 percent of phishing emails were opened, and of those, 13 percent caused malware to activate. Emails containing malicious links are becoming increasingly sophisticated, and malware authors are finding new ways to bypass filters and make it to your inbox. Without full user awareness of these security risks, employees could click on phishing links, exposing their network to viruses and malware. Employees with insufficient cybersecurity education could be unknowingly helping hackers gain access to their business networks. What would that mean for you? Do you know how to spot a malicious scheme before the damage is done?

Carelessly handling data

We’ve all had those days when we’re not feeling at the top of our game, but when it comes to handling sensitive company data, careless actions can result in major disaster. According to the same study by CompTIA, 42 percent of error-related breaches are caused by “general carelessness” of users or employees. Whether it be accidentally deleting important files, sending company data to the wrong email recipient, neglecting software updates, or even misplacing mobile devices – a little carelessness can cause a lot of trouble.

Why Is Human Error a Threat?

Most businesses are unaware that the greatest security threat could be internal. With criminal cyber-activity on the rise, not enough business owners are paying attention to the avoidable consequences of human error. Unfortunately, people still suffer from what I like to call the “this could never happen to me” mindset.

You could have the best technology and procedures in place, or a well-thought out disaster plan, but one unforeseen slip-up by an employee could mean the end of the road. It is your Managed Service Provider’s responsibility to ensure that your network and data are protected from these potential threats. Understanding that human error is the root of these problems is only the first step, so what else can you do?

Have a Strategic Business Advisor

Having an effective backup and disaster recovery (BDR) solution can give you the opportunity to strengthen your data security, but there are other methods as well.

Walk through your errors

Talking about common mistakes and mapping them out is the best way to work through problems. Tracking and analyzing how errors occur can help you minimize the chances of them happening again and also mitigate the potential damage.

Create a solid security policy

It’s always a good idea to have a documented procedure when it comes to data security. Strategically creating rules and best practices will ensure clarity and that all company data and information is being handled and stored properly.

Inform and train

CompTIA’s study also revealed that only 54 percent of companies offer some form of cybersecurity training! Avoid falling under that statistic and use your BDR advisor to educate yourself and your employees about smart security procedures. Have a conversation with them about the daily threats that human error can pose, or provide tips on security best practices. This will also open the opportunity to reinforce the benefits of your BDR solution, the ultimate backup plan. Employees at all levels within your company will walk away with a better appreciation for how a business continuity solution can protect your bottom line if and when human error occurs.

In the end, eliminating human error is nearly impossible, but having a BDR solution will help ensure the preservation of sensitive company data in the event someone makes a business-crippling mistake. Remember, users likely won’t know if they’re endangering corporate proprietary information because they’re probably not familiar with the various data threats to watch out for. Set your company up for success by regularly having an open dialogue with your backup and disaster recovery provider.

If you work in the healthcare industry, then you already know how important it is to follow HIPAA regulations. Many companies who are serious about maintaining their adherence invest in a third-party expert to help them make sure their systems are HIPAA compliant. But, as we very well know, there are also many companies who haven’t taken that precaution yet. They may say it’s because of the budget, the time, or, they feel that their IT team already has it all taken care of.

But, if you’re not cyber-compliant and a data breach occurs, you will have violated HIPAA laws. When that happens, you can expect a huge penalty. Not only that, but you will you risk losing patients and potentially your entire business. Why take the risk? If you violate those HIPAA laws, here are the penalties you could be looking at:

The Categories of HIPAA Violations

When it comes to violating HIPAA laws, there are four categories the violation can fall under. The first category is when a violation could not have easily been avoided, even with proper care, whereas the fourth category is complete willful neglect, without any attempt to repair the violation. Of course, everything in between that gets gradually more severe from level one. Depending on what category the violation falls under, it will determine how much your fine will be.

Category One: (Someone who did not know they violated HIPAA) A minimum of $100, maximum, $50,000.

Category Two: (A violation someone should have been aware of, but could not have avoided) A minimum of $1,000, maximum of $50,000.

Category Three: (A violation due to willful neglect, but that tried to be repaired) A minimum of $10,000, maximum of $50,000.

Category Four: (Complete neglect without any attempt to repair the violation) A minimum of $50,000.

So, what constitutes “willful neglect” and how are these amounts determined? In this case, “willful neglect” means “conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision violated.” As far as the fines go, the Office of Civil Rights, or the OCR, determines the amount based on the nature and extent of the harm done to the individual or individuals whose information was taken in the breach.

The Chance of Jail Time

Not only does a HIPAA violation incur a monetary penalty, but it can also result in jail time. In most cases, this wouldn’t affect an ordinary healthcare office that experiences an unfortunate breach one time. Jail time would be given to someone accused of disclosing private information about patients as a criminal offense.

There are tiers to this as well. The first tier is when someone deliberately acquires someone’s information. The second tier is acquiring the information through deception. And, the third tier is using the information to make a profit. In addition to a hefty fine, jail time can be anything from one year to ten years in prison.

Remember, even if you’re not directly responsible, if you run an office, you are responsible for your staff. You never know when private information can fall into the wrong hands.

Who Does the Prosecuting?

A patient’s privacy when they walk into any doctor’s office is their right. Therefore, it’s no wonder HIPAA violations are taken very seriously. If you violate HIPAA laws, you won’t just be dealing with that patient’s lawyer. You’ll be dealing with the United States’ Government.

Those in charge of enforcing HIPAA laws include the U.S. Department of Health and Human Services (HHS), and as mentioned before, the Office Of Civil Rights (OCR).

Why HIPAA Compliance is So Important

Last but not least, it’s important to know that you can still be hit with a penalty even if a data breach never occurred. How? Well, if you’re not taking the steps to be HIPAA compliant and an auditor shows up at your office, they can fine you just for not being responsible.

Why wait until that happens? If you work in the healthcare industry, it’s your job to protect your patients’ privacy as well as the jobs of your employees, which could be in jeopardy if there is a breach. Being HIPAA compliant isn’t hard to do. Just hire a third-party service provider to check your system. That’s it!